The default administrator account, named admin, initially has no password.
Unlike other administrator accounts, the admin administrator account exists by default and cannot be deleted. The admin administrator account is similar to a root administrator account. This administrator account always has full permission to view and change all FortiWeb configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed.
Before you connect the FortiWeb appliance to your overall network, you should configure the admin account with a password to prevent others from logging in to the FortiWeb and changing its configuration.
Set a strong password for the admin administrator account, and change the password regularly. Failure to maintain the password of the admin administrator account could compromise the security of your FortiWeb appliance. As such, it can constitute a violation of PCI DSS compliance and is against best practices. For improved security, the password should be at least eight characters long, be sufficiently complex, and be changed regularly.
To change the admin administrator password via the web UI
- Go to System > Admin > Administrators.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Admin Users category. For details, see Permissions.
- In the row corresponding to the admin administrator account, mark its check box.
- Click Change Password.
- In the Old Password field, do not enter anything. In its default state, there is no password for the
- In the New Password field, enter a password with sufficient complexity and number of characters to deter brute force attempts and other attacks.
- In the Confirm Password field, enter the new password again to confirm its spelling.
- Click OK.
- Click Logout.
If you have configured Password Policy in System > Admin > Settings, follow the settings when entering the new password.
FortiWeb logs you out. To continue using the web UI, you must log in again. The new password takes effect the next time that the admin administrator account logs in.
To change the admin administrator password via the CLI
Enter the following commands:
config system admin
edit admin
set password <new-password_str> ''
end
<new-password_str> is the password for the administrator account named
FortiWeb logs you out. To continue working in the CLI, you must log in again using the new password.
If you have configured admin-lockout-duration via the CLI, FortiWeb will lock the account according to the number of login failures and the lockout duration you have set. See FortiWeb CLI Reference for details.